WebTrends Multiple Products Stored Password Vulnerability

WebTrends Multiple Products Stored Password Vulnerability

Several WebTrends products can be configured to run as a service at startup and use the MAPI features of Windows NT to email reports. The account and MAPI profiles used, along with the passwords for each, are stored in the WebTrend.ini file in the program's installation folder. This file has Everyone: Full Access permissions by default. The stored passwords are encrypted with a weak algorithm.